On 03/22/10 05:49 PM, John Plocher wrote: > On Mon, Mar 22, 2010 at 6:45 AM, Jan Damborsky<Jan.Damborsky at sun.com> > wrote: >> We could definitely support 'expire' property for root account as well - >> it would behave in the same way as for user account. >> >> I am not sure what the default behavior (specified in default.xml) >> should be for Automated Installer - do we want to force the admin >> to change the root password upon first use ? > > In a system where the user never logs in directly as root, but has an > admin account that uses pfexec, when would "first use" of the root > account after a new install actually happen? Would it ever happen?
Hi John, It would happen in default case, since then according to PSARC/2009/652, user would not be assigned with any execution profile. Then if one wanted to carry out admin tasks, other mechanism than pfexec would need to be used - in case of su(1M), user would be prompted to change root password upon the first use. I can see that might be cumbersome. Maybe we should consider to put other default values into SC manifest with the goal to reflect the most common way admin configures admin account which might be different comparing to how GUI creates user account. Jan
